I somewhat agree, it’s been shown that BT is in fact intercepting and replying to DNS queries fraudulently, but Google is still facilitating this by providing a server address that intentionally disables SSL against the client’s wishes. So while the title is not as accurate as I thought, it makes a point which is still valid.

(sorry for delay, this got buried in the spam bin)

I think it has been argued here in the comments that Google is not at fault, but BT is. If you add 216.239.32.20 http://www.google.co.uk (216.239.32.20 is the IP for nossl.google.com) to your HOSTS file and go to https://www.google.co.uk, it will redirect to http. This is intentional and not by request from BT, but due to BT returning modified DNS records.

Your title is now misleading…

Whoa, that means it’s every DNS request and not just those for Google, so the DNS server logs would be interesting of themselves.

Thanks for checking this out!

Also implies that if you did a lookup directly against your own DNS server rather than 8.8.8.8, the UDP packet would never reach it.

As a webmaster you could have fun with this, and easily redirect all users from BTWifi to a different site… which injected some JS and displayed a warning…. :-)

That feature was meant for schools to force safesearch, and is being abused by BT. It will be turned off http://googleonlinesecurity.blogspot.com/2014/10/an-update-to-safesearch-options-for.html

I run a DNS service which logs the server doing lookups. I then looked up unique hostnames on my domain to avoid caching. I did this whilst connected to the BT access point which I can see via wifi from my house and to my surprise everything came from BT even when I explicitly requested 8.8.8.8. The reason I’m surprised is because I’m fairly sure this is new as I’m sure they didn’t do this before.

However you now have your answer. They’re definitely doing dns interception and using that to direct to the nosslsearch host to force http. Possibly so users don’t get confusing error messages, but more likely for some financial gain related to ads or something.

That would explain how I ended up using that IP. Not sure how I missed it though as it’s clearly sending the CNAME record… wish I’d noticed this!

(your comment ended up in the Akismet spam queue, sorry for the delay in approving)

I wouldn’t be surprised if just putting an ssl-friendly IP for http://www.google.com isn’t enough; just looking at your curl output’s redirect to https://www.google.co.uk makes me suspect if you’d had *that* in your hosts file too, you wouldn’t have got the second redirect to http://